[dns-operations] CloudShield advices against dDoS
SM
sm at resistor.net
Thu Feb 21 07:26:24 UTC 2013
At 16:15 20-02-2013, Vernon Schryver wrote:
>http://www.cloudshield.com/applications/dns-truth-about-dnssec.asp
>On the other hand, this statement in that document might suggest
>confusion about DNSSEC:
>
> Even if DNSSEC were deployed broadly, it still would not ensure
> that DNS for a domain could not be misdirected. This is because
> DNSSEC does nothing to ensure that the listed authoritative name
> server for a domain name is one that is legitimately controlled
> by the owner of the domain name.
>
>Or maybe the definition of "legitimately controlled" is unrelated to
>delegations from parent domains.
>
>Or maybe he is thinking of regimes in which the bad guys control
>the root trust anchors on all computers.
I read it as meaning that listed authoritative name server is changed
by someone else through the "web panel".
Regards,
-sm
More information about the dns-operations
mailing list